Digital Identity: It’s vital that new digital identity solutions move identity out of the hands of the few and back where it belongs – with its owner, says Ingo Rübe, founder of KILT Protocol.
Digital identity is first and foremost who we are and how we engage in the digital realm. It should not be defined or manipulated by others. Yet currently our identities are scattered across sites, apps and services and no longer under our control. How is digital identity composed, and how can we take it back into our own hands?
Digital Identity in the Physical World
Identity is naturally decentralized in the physical world. At its center are identifiers – our fingerprints, our face, our signature – those things that make each one of us unique. These are core parts of our identity, not given to us by the government or external institutions.
Linked to these identifiers are credentials issued by trusted entities or external institutions. These express our rights, our preferences, and our abilities, for example, our passport and driver’s license, the organizations we belong to, certificates, our gaming score, and so on. Together, the identifier and credentials make up who we are.
In real life, this model is highly scalable, privacy-preserving, relatively secure, and cost-effective. Our passport or any certificates we have stay with us, and we choose when to show them and to whom.
So for example, if you want to buy a whiskey and need to prove that you are older than 18, you can choose which credential to show – your passport, identity card, or driver’s license.
If all that is needed is your age, you can let the bartender see the photo on your driver’s license – to match your picture with your face, your unique identifier – and your year of birth. Then you can employ what’s known as “selective disclosure” by putting your finger over your name, exact date of birth or your current address, which is private information the bartender doesn’t need.
No other entity needs to be involved because the bartender trusts the issuer of the credential – in this example, the government – and gives you the whiskey. This makes identity in the physical world very scalable.
A Shaky Foundation
Digital identity is the foundation of trusted online interactions. This is the case for individuals, but also for business and banks. And, for anyone who needs to be sure that the person they are dealing with online is who they say they are; which is pretty much everybody!
We need to prove our identity for nearly every service on the internet, from getting access to apps and websites, to buying things and paying bills. For this identification, passwords, codes, two-factor authentication and many other means are used.
Typically, this personal information is centralized in data silos, making it susceptible to data breaches.
And along with the challenge of remembering all our login combinations and passwords, our personal information can be stored and retargeted by monopolies and marketers, often without our knowledge or consent.
As a result, our identifiers (email address, social media accounts) and our credentials are generated and used by a small number of large companies. They control our identity… and as a result, they control us.
We need so many different pieces of our identity for different platforms that it’s nearly impossible to keep track of them all, let alone manage them as a full digital identity.
Decentralized Digital Identity
To break this cycle of data collection by centralized services, we need a new form of digital identity. This form must be created in a way that we can claim it directly for ourselves and store it on our local devices.
There are three crucial things to be considered when developing such an identity solution:
-The identity infrastructure needs to be created at the protocol level – freely available for all, not controlled by a single company or any other central entity
-We need a global solution that enables individuals, businesses and governments to rely on a common standard
-Identifiers must be created, owned and fully controlled by the person they identify
-It needs to be scalable, secure, cost-effective and practical.
These criteria can now be met with blockchain technology to create a truly decentralized digital identity.
DIDs and Credentials
As in the physical world, digital identity should be built around a core that is unique to that person or entity. Using blockchain, a user can generate a unique decentralized identifier (DID) on their device. This is a unique string of letters and numbers, based on a global standard. DIDs can also be generated for machines, services, and anything that identities can be built on.
A DID can then be linked with credentials. These are digital certificates that attest to attributes, rights or capabilities of that person or thing, building the identity. And since DIDs can be attached to assets, they can also show digital ownership. There are a few things to be considered around credentials:
-They need to be issued by people, entities or organizations we trust
-We need to be able to verify them in regards to their authenticity as well as in regard to their issuer
-The person must own the credential and be able to decide who it is shared with
-There needs to be a way for the issuer to revoke them if they expire or in case of relevant changes.
Owning Your Digital Identity
The owner of the DID and credentials can store them in a digital wallet that is under their control and protected by cryptography. Each identity is built around one non-transferable DID. However, one person can create several identities based on different DIDs; one for daily life, one for work, one for gaming, etc.
Since in real life things are subject to change, credentials also need to be revocable, with an easy way to confirm they are still valid.
Information in the credentials is never stored on the blockchain; instead, it is represented by a hash (a string of letters and numbers). Only those individuals or entities that the owner shares the credential with (or part of it) can check the information, increasing privacy.
Practical and Sustainable
In the past, building this kind of solution using blockchain was limited by high and unpredictable transaction costs, lack of scalability, and environmental concerns. Thanks to the design of newer carbon-friendly and low-cost blockchains, a decentralized identity solution can now be used for free or inexpensively, making it accessible to all.
Blockchain standardization, security, scalability and stability also makes it suitable for adoption by enterprise. Easy-to-use applications can be custom built, and some are designed so the user doesn’t need to interact with or buy cryptocurrency, making mainstream adoption possible.
This approach also opens up new business models for established institutions to leverage the trust they enjoy to issue credentials. These institutions can range from large established companies or universities, to gaming or local communities, depending on the credential and the requirements for its usage.
Real-world decentralized identity solutions are already up and running, and are gradually being adopted by international institutions and governments. One recent example is the German Energy Association’s pilot project on digital machine identities. It is a collaborative effort that demonstrated how they can be used inside a highly-regulated environment. (Report currently available in German only.)
Blockchain is about to take the web as we know it to a whole new level. Integrations are already being built around supply chain, asset ownership, media, and sustainability. This is the point at which we can finally correct mistakes from the past and take back control of our identity in the digital space. To have a web that truly allows us ownership over our assets and our data, decentralized digital identity is vital.
About the Author
Ingo Ruebe is the founder of KILT Protocol, a blockchain identity protocol for issuing self-sovereign, decentralized identifiers (DIDs) and verifiable credentials. KILT provides practical, scalable, secure identity solutions for enterprise and consumers. Decentralized identity services built on KILT include SocialKYC certification for email addresses and social media accounts, and DIDsign, a private way to sign any type of digital file directly in your browser.
Got something to say about digital identity or anything else? Write to us or join the discussion in our Telegram channel. You can also catch us on Tik Tok, Facebook, or Twitter.
Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.